On 29/12/2012 23:53, Polytropon wrote:
On Sat, 29 Dec 2012 22:43:29 +0100, Martin Laabs wrote:
So from the security point of view it might be a good choice to have a
unencrypted and (hardware) readonly boot partition.
To prevent unintended modification by <attacker> of the
boot process's components, an option would be to have the
system boot from a R/O media (SD card, USB stick or USB
"card in stick") and then _remove_ this media when the
system has been booted. Of course this requires physical
presence of some kind of operator who is confirmed to
handle this specific media. The rest of the system on
disk and the data may be encrypted now, and if (physically)
stolen, the disks are useless. I agree that such kind of
security isn't possible everywhere, especially not if
you cannot physically access your server.
To prevent further "bad things" (like someone steals
this "boot stick"), manually entering a passphrase in
combination with the keys on the stick could be required.
Of course a strong passphrase would have to be chosen,
and not written on the USB stick. :-)
The options <attacker> has on a _running_ system with
encrypted components is a completely different topic.
I think a good idea would be to store the key directly in the
bootloader, but that needs a large enough partition scheme that can
store the bootloader (boot0 or boot1) plus the encryption key. However
this needs to add support for that in both boot files and will be bigger.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
